When it comes to building a mobile security team for today’s businesses, technical skills are just the starting point. For any forward-looking enterprise, the talent acquisition strategy around security has to involve soft skills as well.
According to a recent Forrester paper, “Build A Cross-Functional Mobile Security Team,” in order to develop a well-rounded team, “security execs must … partner with the office of the CIO and business leaders on strategic initiatives.”
In the early days, security training and implementation existed in their own stovepipes, while business units were similarly siloed. Security teams didn’t participate in application development. However, the current environment demands a different approach: a cross-functional group that includes both the security specialist and the operations staff. Furthermore, security professionals can no longer be purely IT-driven. In the most successful enterprise mobile security efforts, the security team will possess both technical abilities and humanities skills, along with a thorough understanding of the business aspects of the organization.
How should organizations forge this unique squad?
- Mobile app delivery and management: In order to enforce good security policies, the security team needs to work hand-in-glove with mobile app developers across an organization. A DevOps approach offers one means to ensure the application development team and application security experts promote best practices together.
- OS APIs: Security professionals need to understand and enforce the rules around the operating system application programming interface (OS API). Ideally the person who plays a key role in device certification will have expertise in a variety of mobile platforms. A thorough understanding of mobile device management software will also help to ensure proper audit and compliance policies.
- Threat modeling: The talent acquisition strategy should focus on individuals who have the ability to think like an attacker. A security professional who also understands the business side will be better able to seek out and identify threats and vulnerabilities within a system, while implementing best practices in mobile security.
- Enterprise business architecture: The security standards and architecture team doesn’t operate in a vacuum. Rather, this team should work in tandem with the enterprise architecture team and various business unit leads to determine the specific security policies governing mobile use across the enterprise. This enterprise-wide view will drive policies around data discovery and data indexing, and can also help implement a more stringent approach to mobile security architecture.
In addition to these tech-specific skills and approaches, it’s equally important that a security specialist possess critical “soft skills,” which are the interpersonal capabilities that make collaboration and cooperation possible in a dynamic, complex social ecosystem.
Going Beyond Technical Skills
Strong written and presentation skills matter, even when hiring for IT positions. Among security decision-makers who find it hard to hire qualified security employees, Forrester notes, 40 percent list communication skills as among the most needed in their organizations today. In order to operate effectively across business units, security executives must be able to communicate at all levels of the organization.
Although it is critically important for any professional to tell the story, it isn’t always enough. The talent acquisition strategy must forge an IT team that also has persuasive skills, with the ability to negotiate and influence. Security is participatory: It requires buy-in from the end user, and that means a security team must be able to influence and guide them to the appropriate destination.
Professionals who display a social, receptive and collaborative attitude will help to foster a team spirit across the enterprise. Social skills help ensure that when mobility does roll out across the enterprise, the security team will be a welcome partner in the process.
The mobile workflow is becoming increasingly ingrained, and increasingly diverse, across the enterprise landscape. Security teams in turn need to be embedded ever more firmly within the enterprise, as collaborative partners standing shoulder to shoulder with the business units. By seeking out security professionals who possess a mix of technical expertise and critical soft skills, enterprise IT leaders can foster the kind of collegial environment that drives security in the rapidly evolving mobile space.